Phishing scams can wreak havoc on your finances by tricking you into providing thieves with personal identifiable information through fake websites or even over the phone. It used to be that phishing was limited to emails received from what appeared to be legitimate websites. Phishing has now taken on a new form called voice phishing or “vishing”. This is where you receive a phone call or a message from what appears to be a legitimate company claiming that they need to confirm your account information, claiming that you need to make an immediate payment, or that you are eligible to obtain lower credit card interest rates. Once the thieves have any type of personal and identifiable data, they can use the information to open fake accounts in your name, ruin your credit, steal your money or even your identity. So how do you protect yourself? Here are a few simple rules:
1. Never give any personal information over the phone or email: If you receive a phone call from a company requesting personal information such as your account number, social security number, or address, simply let them know that you will call them back using the phone number on your statement. If you receive a request for information by email, do not reply or click on any of the links. Call the company directly using the phone number on your statement, and not the number listed on the email to ask about the request.
2. Be cautious about opening attachments or clicking on links in emails: Even your colleague or friends’ accounts could be hacked. Files and links can contain malware that can weaken your computer’s security.
3. Never provide any personal information on a website that is not secure: Make sure the site’s URL begins with “https”. There should be a closed lock icon near the address bar. Check for the site’s security certificate as well. If you get a message stating a certain website may contain malicious files, do not open the website.
4. Turn on two-factor authentication: For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised. As an extra precaution, you may want to choose more than one type of second authentication (e.g. a PIN) in case your primary method (such as a phone) is unavailable.
5. Back up your files to an external hard drive or cloud storage: Back up your files regularly to protect yourself against viruses or a ransomware attack.
6. Keep your security up to date: This includes activating antivirus software and using a firewall. Use security software you trust, and make sure you set it to update automatically.
7. Report phishing emails and texts:
- Forward phishing emails to spam@uce.gov – and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To ensure the header is included, search the name of your email service with “full email header” into your favorite search engine.
- File a report with the Federal Trade Commission at FTC.gov/complaint.
- Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
- You can also report phishing email to reportphishing@apwg.org. The Anti-Phishing Working Group – which includes ISPs, security vendors, financial institutions and law enforcement agencies – uses these reports to fight phishing.